The only way to restore a single OU is: 1. Pick a DC (any DC should do) - you may not want to pick the FSMO. 2. Use F8 and boot into DS restore mode. 3. Use ntbackup or TSM to restore complete AD database (you cannot restore an OU). 4. Use NTDSUtil to mark the particular OU as authoritative - this results in updating the timestamps on these objects so that AD replication results in these being replicated but not the rest of the restored AD.
-----Original Message----- From: Consiglio, Tony [mailto:[EMAIL PROTECTED] Sent: Thursday, April 03, 2003 11:12 AM To: [EMAIL PROTECTED] Subject: HELP !! DR on OU in AD Hello, I was wondering if anyone might help shed some light on these questions. I can not find a specific answer anywhere Scenario: - Using TSM 5.1x - also tried using NTBackup on W2K DC - 12 DC's - all DC's are fine, AD NOT corrupt, syncing just fine. - One OU (nested or otherwise) appears to be corrupt in AD. I need to restore "just that OU" not the entire AD Questions: 1.) Is the only way to restore a bad/corrupt OU, to use NTDSUtil and run through the command lines to do an"Authoritative restore of that particular "SUB-Tree"? (ie.. ntdsutil:> authoritative restore - restore sub tree [location]- quit. Example: The rest of the AD is fine...However, for some reason an Admin feels that OU is corrupted... After troubleshoot we decide to restore just that OU. a.) Can I assume at this point, that this corrupt OU has Sync'ed across the AD? b.) If not: what are my options? c.) If so: What are my options then? (Do I have to do any cleanup in the AD anywhere, first?) d.) Is there any other way to restore a corrupt OU in the AD other than using NTDSUtil? 2.) If we have determined that we need to restore just a corrupt OU, "How" and "Where" do I restore that "OU" from?? (I ask this because even in NTBackup, when you do a restore, all you see is the "system state" object called "AD". Nothing allows you to drill down to a "specific" OU and select "just that" OU to restore back to a DC. So how do I "find" the OU I need to restore into AD from Tape? or from any backup media..... a.) Do I have to do an "entire AD restore "authoritatively", to get back one OU? [I know that the NTDSUtil allows the ability to restore just a single OU, but where am I getting that "good OU data and/or object" from?] 3.) Assuming I now know where to get the good OU object data from, and assuming that the corrupt OU has sync'ed across AD, which DC do I chose to put into DR mode (F8) and restore the good OU data to? [Given the fact that the rest of the AD is fine (I surly "DO NOT" want to fat finger the entire AD by doing an Authoritative restore in the wrong place and causing more issues)]. Any and all help would be great. Thanks Tony ******************************************** Anthony F.Consiglio Senior Systems Analyst II Network Engineer, LAN Systems Tel: 645-7340, FAX: 645-3543 E-MAIL: [EMAIL PROTECTED]
